WCCPv2 Overview and Implementation Best Practices

By Zach Seils

Web Cache Communication Protocol (WCCP) has been around for the past 10 years, ever since Cisco first invented the protocol to transparently intercept web traffic and redirect it to local caching devices. Since that time, WCCP has evolved into a general purpose transparent interception mechanism for any IP-based protocol. Over the past couple of years the use of WCCPv2 has grown significantly with the popularity of WAN optimization and application acceleration solutions, such as Cisco Wide Area Application Services (WAAS). As a Cisco IOS feature, WCCPv2 is supported across numerous routing and switching platforms. This article provides an overview of the key aspects of WCCPv2, and provides best practice recommendations for implementation.

WCCP Overview

WCCPv2 consists of both a server and client component. The WCCP server is responsible for redirecting “interesting” traffic to one or more WCCP clients.  WCCP server functionality is implemented in Cisco IOS and is supported across numerous router and switch platforms, including:

  • Catalyst 3560/3750 Series Switches
  • Catalyst 4500/4948 Series Switches
  • Catalyst 6500 Series Switches
  • Cisco 1800/2800/3800 Series Integrated Services Routers (ISR)
  • Cisco 7600 Series Routers

A WCCP client is responsible for defining which types of traffic are “interesting,” based on IP protocol and (optionally) Layer 4 transport protocol ports.  Cisco has WCCP client implementations across numerous products, including Cisco Wide Area Application Services (WAAS). The WCCP client is also responsible for defining several aspects of the protocol behavior, such as how traffic is redirected between devices and how load distribution occurs among multiple WCCP clients in a cluster. The following sections describe the key aspects of WCCPv2.

Service Groups

The WCCP servers and clients participating in the same service are referred to as a service group. A service group defines a set of characteristics about what types of traffic are intercepted, as well as how the intercepted traffic should be handled. Service groups are defined as one of two types: well-known or dynamic. Well-known services, also referred to as static services, have a fixed set of characteristics that are known by both the WCCP server (IOS) and client. In contrast, the characteristics of a dynamic service are initially only known by the WCCP client. The characteristics of a dynamic service are communicated to the WCCP server (IOS) when the client joins the service group.
Each service group is identified by a unique service ID, which is a number from 0 to 255. Service IDs 0 to 50 are reserved for well-known services.

Forwarding Method

The WCCP forwarding method determines how intercepted traffic is transmitted from the WCCP server (IOS) to the WCCP client (for example, a WAE running Cisco WAAS). There are two different forwarding methods:

  • Generic Routing Encapsulation (GRE) – GRE forwarding, which is the default forwarding method, encapsulates the intercepted packet in an IP GRE header with a source IP address of the WCCP server (IOS) and a destination IP address of the target WCCP client. This has the effect of a tunnel, allowing the WCCP server (IOS) to be multiple Layer 3 hops away from the WCCP client.

The following figure shows an example of WCCP interception with GRE forwarding.

  • Layer 2 (L2) – L2 forwarding, which is currently only available on hardware-based platforms such as the Catalyst series switches, simply rewrites the destination MAC address of the intercepted packet to equal the MAC address of the target WCCP client. L2 forwarding requires that the WCCP server (IOS) is Layer 2 adjacent to the WCCP client.

The following figure shows an example of WCCP interception with L2 forwarding.

Return Method

The WCCP return method defines a mechanism for the WCCP client to return intercepted traffic back to the WCCP server (IOS). Initially the return method was intended to provide a way for WCCP clients to reinject traffic back into the network that was not/could not be serviced by the WCCP client. However, several WCCP client implementations today, including Cisco WAAS, allow for all transparently intercepted traffic to be returned to the WCCP server (IOS) even if the WCCP client services it. The benefit of this approach is that intercepted traffic is ultimately forwarded based on the original forwarding decision in the network.

Like the WCCP forwarding method, there are two options for the WCCP return method:

  • Generic Routing Encapsulation (GRE) – Packets are encapsulated in an IP GRE header with a source IP address of the WCCP client and a destination IP address of the WCCP server (IOS). The WCCP server (IOS) knows not to re-intercept GRE return traffic coming from a WCCP client.
  • Layer 2 (L2) –The destination MAC address is set to the MAC address of the WCCP server. In order to avoid re-intercepting L2 return traffic, the WCCP client should reside on a separate VLAN from host systems that it is servicing.

Assignment Method

When multiple WCCP clients are registered in the same service group, WCCP automatically distributes intercepted traffic across all of the WCCP clients in the service group. The mechanism that determines how intercepted traffic is distributed across the WCCP clients in the service group is called the assignment method. In WCCPv2, there are two available assignment methods: hash assignment and mask assignment.

The default assignment method, hash assignment, uses a 256-bucket redirection hash table to distribute traffic across the WCCP clients in a service group. As a WCCO server (IOS) intercepts traffic, the source/destination IP address or source/destination port (depending on the service group configuration) is run through a hash function to produce an index value. The index value maps into one of the 256 buckets in the hash table. Each bucket in the hash table is assigned to a WCCP client in the service group. The following figure shows the hashing and bucket assignment concept.

Mask assignment, which is currently only available on hardware-based routers/switches, uses masks and a table of values to distribute traffic across the WCCP clients in a service group. Mask assignment was developed specifically for the Cisco Catalyst series switches, and is one of the key characteristics that enables WCCP interception to be performed completely in hardware on these platforms. As the WCCP server (IOS) intercepts traffic, a bitwise AND operation is performed between each mask value and the contents of the packet (specifically the source/destination IP addresses and ports). The result is then compared to a list of values for each mask. Each value is assigned to a specific WCCP client in the service group. The following figure shows the masking and value assignment concept.

Interception Direction

The WCCP server (IOS) configuration consists of settings in both global and interface configuration modes. The global configuration defines the service group IDs that the WCCP server (IOS) will support.
Once the global configuration is complete, WCCP is enabled on each interface where traffic should be evaluated for interception. The WCCP interface configuration is either applied inbound or outbound. Inbound interception evaluates traffic entering the interface from outside the router, while outbound interception evaluates traffic leaving the router through an interface. The following configuration example shows two different routers with inbound and outbound interception.
hostname INBOUND
ipwccp 99
interface GigabitEthernet0/0
ip address
ipwccp 99 redirect in

hostname OUTBOUND
ipwccp 99
interface Serial0/0
ip address
ipwccp 99 redirect out

In cases where outbound interception is used with a WCCP service that spoofs the client IP address, the "ipwccp redirect exclude in" command should be configured on the Layer 3 interface connecting to the WCCP client. Traffic entering the WCCP server (IOS) interface with this command configured is excluded from interception anywhere else in the router.

Implementation Best Practices

Support for the different WCCP characteristics described in this article varies depending on the WCCP server (IOS) platform. When discussing WCCP implementation best practices, we will divide the WCCP server (IOS) platforms into two categories: software-based and hardware-based. Software-based platforms include all IOS routers that perform packet forwarding in software. This includes the Cisco ISR and 7200 series platforms. Hardware-based platforms include all of the Catalyst series switches and the 7600 series router.
The following best practices should be followed for implementing WCCP on a software-based platform:

  • GRE Forwarding (Default)
  • Hash Assignment (Default)
  • Inbound or Outbound Interception
  • "ipwccp redirect exclude in" on WCCP client interface (outbound interception only)

The following best practices should be followed for implementing WCCP on a hardware-based platform:

  • L2 Forwarding
  • Mask Assignment
  • Inbound Interception
  • No "ipwccp redirect exclude in"

This combination of configuration options will ensure WCCP interception is handled completely in hardware on hardware-based platforms. There is no impact on switch CPU utilization or forwarding performance in these cases. Use of alternate configurations, especially hash assignment or the ipwccp redirect exclude in command, on hardware-based platforms can lead to elevated levels of CPU utilization and a reduction in overall performance.


This article provides you with an overview of the key characteristics of WCCPv2, including service groups, forwarding and return methods, assignment methods, and interception direction. These characteristics are important to understand when implementing WCCP, and they can impact the performance of the WCCP-enabled IOS device. It also provides the best practice recommendations for implementing WCCP on both software and hardware-based platforms.

Zach SeilsAbout the author:

Zach Seils, CCIE #7861, is a Technical Leader in the Cisco Advanced Services Data Center Networking Practice. He is the co-author of Deploying Cisco Wide Area Application Services available from Cisco Press.

Zach’s focus is the design, deployment, and troubleshooting of WAN and Application Optimization solutions for Cisco’s largest enterprise and service provider customers. He is also frequently engaged with partners and internal Cisco engineers worldwide to advise on the design, implementation, and troubleshooting of Cisco WAAS. In addition to working closely with partners and customers, he works closely with the various internal Cisco business units on product enhancements, testing, and application acceleration architectures. Prior to joining Cisco, Zach spent six years in various senior technical roles at a Managed Service Provider.

Deploying Cisco Wide Area Application Services

Deploying Cisco Wide Area Application Services
Zach Seils and Joel Christner
ISBN-10: 1587054949
Pub Date: 5/8/2008
US SRP $70.00
Publisher: Cisco Press